d5774aa81e491ab4aa641a95e9b679ec7f34194d8ab2ce838d6df811933073f4 | Triage

Sharing

General

Target

d5774aa81e491ab4aa641a95e9b679ec7f34194d8ab2ce838d6df811933073f4
Size

149KB
Sample

221203-pkcwgsdd7w
MD5

06be7a7fc9814e1ea4849252694875c0
SHA1

f15993fed00a3b1356fdc4192bf611a6680bd7ae
SHA256

d5774aa81e491ab4aa641a95e9b679ec7f34194d8ab2ce838d6df811933073f4
SHA512

d42d0145fc5f3ea285b8b81cc5df46ba06df6a9429a1aaabce2ea80a7366feb4f8ee119d841ea1da629e67108c13a6386eff3e4fadb85e005c35df0b207bd079
SSDEEP

3072:9wz+Jlfc/EQv36BO7YfITv2xQi9Zl7IXMII4telF8b0d3a3m:aOPQ6O7YfQri9TIX85d3h

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  d5774aa81e491ab4aa641a95e9b679ec7f34194d8ab2ce838d6df811933073f4
- Size
  
  149KB
- MD5
  
  06be7a7fc9814e1ea4849252694875c0
- SHA1
  
  f15993fed00a3b1356fdc4192bf611a6680bd7ae
- SHA256
  
  d5774aa81e491ab4aa641a95e9b679ec7f34194d8ab2ce838d6df811933073f4
- SHA512
  
  d42d0145fc5f3ea285b8b81cc5df46ba06df6a9429a1aaabce2ea80a7366feb4f8ee119d841ea1da629e67108c13a6386eff3e4fadb85e005c35df0b207bd079
- SSDEEP
  
  3072:9wz+Jlfc/EQv36BO7YfITv2xQi9Zl7IXMII4telF8b0d3a3m:aOPQ6O7YfQri9TIX85d3h
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2